Dependable infrastructure systems

Secure Systems Research Group - FAU (https://www.cse.fau.edu)

Transcript and Presenter's Notes

1
Dependable infrastructure systems
  • E.B. Fernandez

2
What is infrastructure
  • One of the most important directions in homeland
    security is the protection of critical
    infrastructure.
  • These are the systems that support our everyday
    life and environment
  • The Dept. of Homeland Security has identified 14
    areas of concern including agriculture,
    information and telecommunications, food, energy,
    water, transportation, public health, and finance

3
Complex systems
  • All these functions are controlled by systems
    which are complex and which are becoming
    increasingly interdependent
  • Some are even mutually dependent, e.g. electric
    power generation may require oil and oil
    production may require electricity
  • They are usually distributed, real-time systems,
    may use the Internet as communication medium, and
    may include wireless and embedded devices.
  • They must be available always

4
Threats
  • These systems are vulnerable to unintentional
    errors: equipment failure, human errors, weather,
    and accidents
  • They are also the object of intentional attacks:
    external (hackers) and internal (insiders).

5
Defenses
  • We need to protect the information necessary to
    control and coordinate these systems against
    intentional attacks and accidental events.
  • Also physical threats: access to buildings and
    installations
  • It is necessary to extend the standard models of
    security and reliability to consider this
    combination

6
Process Control Systems
7
ICSs (Industrial Control Systems)
  • ICSs are implemented as supervisory control and
    data acquisition (SCADA) systems, distributed
    control systems (DCS), and Programmable Logic
    Controllers (PLCs)
  • SCADA systems are highly distributed systems that
    control geographically scattered units (field
    devices) using centralized data acquisition and
    control (control center)
  • Field devices control local operations such as
    opening and closing valves, collecting data from
    sensors, and monitoring for alarm conditions
  • Typical uses include electric power systems, oil
    and gas pipelines, water utilities,
    transportation nets, intelligent buildings, and
    any application that requires remote monitoring
    and control.

8
SCADA
  • SCADA architectures typically use layered
    architectures: a hierarchy of architectural
    layers
  • Typical requirements include 24x7 operation,
    real-time behavior, remote control, distribution
  • To communicate between the Master control and its
    units the DNP3 (Distributed Network Protocol) is
    typically used
  • From a security point of view, these systems are
    the most interesting because they are the most
    vulnerable: the remote units are subject to
    physical attacks while the communication lines
    are subject to information attacks
  • The main security objectives here are
    availability and integrity; confidentiality and
    non-repudiation are not very important.

9
Convergence of access control
  • Homeland security has brought an interest in
    control of access to buildings and other physical
    structures.
  • The need to protect assets in buildings and to
    control access to restricted areas such as
    airports, naval ports, government agencies, and
    nuclear plants, created a great business
    opportunity for the physical access control
    industry and a good amount of interest in the
    research community.
  • Recognition that access control to information
    and access control to physical locations have
    many common aspects. The most basic model of
    access control uses a tuple (s,o,t), subject,
    object, access type. If we interpret s as a
    person (instead of an acting executing entity), o
    as a physical structure (instead of a
    computational resource), and t as a physical
    access type (instead of resource access), we can
    make an analogy where we can apply known results
    or approaches from information access control.

10
Access control unification
  • One way to achieve this unification is using a
    conceptual abstraction for the definition of
    security requirements analysis and security
    patterns
  • A pattern is an encapsulated solution to a
    recurrent problem in a given context. A security
    pattern defines a solution to a security problem.
  • The use of patterns has been increasing in
    industry because of their potential to improve
    software quality. Security patterns have only
    recently become accepted by industry and
    Microsoft, IBM, and Sun have web pages on this
    topic. Also, two books have appeared recently. We
    have presented several security patterns for
    access control to information
  • We examined existing systems, industry standards,
    and government regulations to find as patterns a
    core set of features that a physical access
    control system should have.
  • From these patterns, it is possible to define
    more specific patterns that can be used to build
    systems for a given protocol or to define new
    protocols.

11
Pattern diagram
12
Access Control to Physical Structures
  • Applies authentication and authorization to the
    control of access to physical units including
    alarm monitoring, relays, and time schedules that
    can control when things will happen.
  • Example: Building management wants to put in
    place an access control system to control access
    to certain zones and to control who can access
    the zones. They need to deny all access to
    certain zones after 5pm. They want to generate
    alarms when someone tries to access a zone for
    which they do not have permission and start
    monitoring alarms for all the exterior doors at
    8pm. Moreover, they want to turn on the main door
    light at 7pm.
  • Context: Physical environment with access control
    system where we need to control access and turn
    on/off devices based on time constraints.

13
Solution
Define the structure of an access control
system using an RBAC pattern. Integrate the
Alarms Monitoring and Relays patterns and
introduce the concept of a time schedule to
control when things can/must happen. Time
Schedules have two uses: to control access times
and to configure automatic actions.
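The following is an added example (it is not code from the presentation or from the FAU group) that makes the (s, o, t) analogy of slide 9 and the Solution of slide 13 concrete: the subject is a person, the object is a zone, the access type is a physical action, roles sit between subjects and permissions as in RBAC, and Time Schedules are used both to restrict when a permission or a zone is usable and to configure automatic actions (alarm monitoring, relays). The building, zone, role, door and relay names, the lockdown hours and the monitoring hours are all constructed for the illustration; only the slide's requirements (deny after 5pm, alarm on unauthorized attempts, monitor exterior doors from 8pm, light on at 7pm) come from the page.

```python
from dataclasses import dataclass, field
from datetime import time


@dataclass(frozen=True)
class TimeSchedule:
    """Daily interval [start, end). If start > end it wraps past midnight;
    if start == end it covers the whole day."""
    start: time
    end: time

    def contains(self, t: time) -> bool:
        if self.start == self.end:
            return True
        if self.start < self.end:
            return self.start <= t < self.end
        return t >= self.start or t < self.end


ALL_DAY = TimeSchedule(time(0, 0), time(0, 0))


@dataclass(frozen=True)
class Permission:
    """The (o, t) half of the (s, o, t) tuple, valid only during `schedule`."""
    zone: str
    access: str
    schedule: TimeSchedule = ALL_DAY


@dataclass
class PhysicalAccessControl:
    role_permissions: dict[str, set[Permission]]   # RBAC: role -> permissions
    user_roles: dict[str, set[str]]                # subject s -> roles
    zone_lockdown: dict[str, TimeSchedule]         # zone -> when nobody may enter
    door_monitoring: dict[str, TimeSchedule]       # door -> when alarms are armed
    relay_schedule: dict[str, TimeSchedule]        # relay -> when it should be on
    alarms: list[str] = field(default_factory=list)

    def check_access(self, subject: str, zone: str, access: str, now: time) -> bool:
        """Decide the (s, o, t) request at time `now`; every denial raises an alarm."""
        lock = self.zone_lockdown.get(zone)
        if lock is not None and lock.contains(now):
            self.alarms.append(f"{now}: {subject} denied {access} {zone} (zone locked down)")
            return False
        for role in self.user_roles.get(subject, set()):
            for perm in self.role_permissions.get(role, set()):
                if perm.zone == zone and perm.access == access and perm.schedule.contains(now):
                    return True
        self.alarms.append(f"{now}: {subject} denied {access} {zone} (no permission)")
        return False

    def door_event(self, door: str, event: str, now: time) -> bool:
        """Sensor event on a door; it becomes an alarm only while monitoring is armed."""
        sched = self.door_monitoring.get(door)
        if sched is not None and sched.contains(now):
            self.alarms.append(f"{now}: {door} {event} (monitored)")
            return True
        return False

    def relay_state(self, relay: str, now: time) -> bool:
        """True when the automatic-action schedule says the relay should be on."""
        sched = self.relay_schedule.get(relay)
        return sched is not None and sched.contains(now)


def build_building_system() -> PhysicalAccessControl:
    """Constructed configuration for the slide's building-management example
    (names and exact hours are assumptions, not taken from the slides)."""
    after_hours = TimeSchedule(time(17, 0), time(7, 0))   # 5pm to 7am, wraps midnight
    return PhysicalAccessControl(
        role_permissions={
            "employee": {Permission("lobby", "enter"), Permission("lab", "enter"),
                         Permission("server_room", "enter")},
            "visitor": {Permission("lobby", "enter", TimeSchedule(time(8, 0), time(18, 0)))},
        },
        user_roles={"alice": {"employee"}, "bob": {"visitor"}},
        zone_lockdown={"server_room": after_hours},        # deny all access after 5pm
        door_monitoring={"front_door": TimeSchedule(time(20, 0), time(6, 0)),
                         "rear_door": TimeSchedule(time(20, 0), time(6, 0))},  # armed at 8pm
        relay_schedule={"main_door_light": TimeSchedule(time(19, 0), time(6, 0))},  # on at 7pm
    )


if __name__ == "__main__":
    acs = build_building_system()
    print(acs.check_access("alice", "server_room", "enter", time(18, 30)))  # False: lockdown
    print(acs.check_access("bob", "lab", "enter", time(10, 0)))             # False: no permission
    print(acs.door_event("front_door", "forced open", time(21, 0)))         # True: armed after 8pm
    print(acs.relay_state("main_door_light", time(19, 30)))                 # True: light on at 7pm
    for line in acs.alarms:
        print(line)
```

The zone lockdown is checked before any role, so a schedule attached to the object overrides every subject's permissions; a schedule attached to a permission (the visitor's lobby hours) restricts only that role. Keeping both kinds of schedule in the same TimeSchedule type is what lets the pattern reuse one concept for access times and for automatic actions.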
14
(No Transcript)
15
Ideas
  • Describe through patterns the basic features and
    concepts for any Physical Access Control system,
    specialize models for specific environments
  • Patterns can guide the design of physical access
    control systems or they can be used to evaluate
    current products or standards
  • Extensions: dynamic restriction of the locations
    where a suspicious user could go, or
    reconfiguration of exits in case of emergencies
  • Privacy-oriented restrictions
  • Combination with context-based access control

16
More ideas
  • Patterns for SCADA systems and for dependable
    SCADA systems
  • Dependability patterns in general
  • Models to combine information and physical access
    control
  • Use of identity and context for authentication
    and access control